[Mageia-dev] Freeze push: openjpeg 1.5.0
David Walser
luigiwalser at yahoo.com
Sun Apr 22 03:55:16 CEST 2012
David Walser wrote:
> Funda Wang wrote:
>> Hello,
>>
>> Could somebody push openjpeg 1.5.0 into cauldron? It fixed
>> CVE-2012-1499: The JPEG 2000 codec in OpenJPEG before 1.5 does not
>> properly allocate memory during file parsing, which allows remote
>> attackers to execute arbitrary code via a crafted file.
>>
>> Thanks.
>
> Funda, does a patch exist for this? Mageia 1 should be vulnerable to this.
Funda, do you know what upstream commit(s) fixes this?
More information about the Mageia-dev
mailing list